
Critical Vulnerability in AIIMS ORBO Portal Exposes Sensitive Organ Donor Data
In November 2022, the All India Institute of Medical Sciences (AIIMS) experienced a significant ransomware attack. Recently, a critical vulnerability in the AIIMS ORBO (Organ Retrieval Banking Organisation) portal was discovered by researcher Ashish Khaitan. This vulnerability exposed highly sensitive data of voluntary organ and tissue donors, potentially leading to severe consequences such as identity theft and fraud. The responsible disclosure of this vulnerability by Khaitan highlights the importance of ethical hacking and proactive security measures.

This incident underscores the need for healthcare institutions to prioritize cybersecurity, conduct regular security audits, and establish robust incident response protocols. The exposure of such sensitive data could have far-reaching implications, including reputational damage and loss of public trust. Healthcare organizations must remain vigilant and proactive in identifying and mitigating vulnerabilities to protect sensitive patient data. The discovery and responsible reporting of this vulnerability serve as a reminder of the critical role that security researchers play in enhancing the overall security posture of institutions.